vulnerability
Moodle: Unspecified Security Vulnerability (CVE-2024-28593)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Mar 22, 2024 | May 5, 2025 | Feb 15, 2026 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Mar 22, 2024
Added
May 5, 2025
Modified
Feb 15, 2026
Description
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."
Solution
moodle-upgrade-latest
References
- CVE-2024-28593
- https://attackerkb.com/topics/CVE-2024-28593
- CWE-94
- URL-https://docs.moodle.org/403/en/Using_Chat
- URL-https://gist.githubusercontent.com/minendie/4f23174687bc4d8eb7f727d9959b5399/raw/9ce573cebcce5521d9d6f826ab68f3780036b874/CVE-2024-28593.txt
- URL-https://medium.com/%40lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.